
WUpdate: KB2930275


epic


It seems that KB2930275 is causing a Critical_Process_Died in Windows 8.1 Professional, as well as Server(?).

In my case I'm operating Windows 8.1 Professional W/MC. The update initially installed as a "Install WUpdates automatically," cycled the system this evening and come to find out that I was in an endless loop of Critical_Process_Died. Safe mode wasn't an option either, the error displayed there as well. A freakin nightmare, everything was running fine prior to the update, messing around for a good 1.5 hrs trying to solve it.

Finally caved after 1.5 hrs and restored a TIB image, without the update. Yet, everything worked like a charm, up until the point I installed the updates again. Having to experience the same problems, troubleshooting did not work, could not enter safe mode either - same problem! Even tried sfc /scannow in advanced startup, after Windows failed to repair the system, but the command wouldn't work as there was some mysterious reboot needing to take place, failed every time. I even tore apart the computer, having been led to believe it's a GPU driver issue, which I know for a fact it is not. Took everything apart anyway and reset all the hardware and cables, but the error persisted. Restored the previous TIB image, back up and running with no problems, WITHOUT KB2930275. Disabled WUpdates completely, for now.

Anyone else experience this problem, or opted to not install it?

http://technet.microsoft.com/en-us/security/bulletin/ms14-015

Edited by epic


It seems like a large number of people have had issues with this update, which has been defined as "dodgy".

A couple examples:

http://social.technet.microsoft.com/Forums/en-US/ccb4eb16-6eff-4622-86d8-c262ca85b9d1/kb2930275-dodgy-?forum=winserver8gen

https://forums.whirlpool.net.au/archive/2234454

According to this:

http://www.gfi.com/blog/march-patch-tuesday-roundup/?utm_source=rss&utm_medium=rss&utm_campaign=march-patch-tuesday-roundup

MS14-015 (KB2930275) This update addresses two vulnerabilities in the Windows kernel-mode driver, one of which could be used by an attacker to elevate privileges on the machine while the other could allow information disclosure. This update affects all supported versions of Windows (XP, Vista, Windows 7, Windows 8/8.1, Windows RT, Server 2003, 2008/2008 R2, and 2012/2012 R2), including the server core installations.

The important rating applies to all operating systems across the board and is based on the fact that in order to exploit the vulnerabilities, the attacker first has to have valid credentials to log onto the targeted system and must be on site to log on locally, so this would have to be perpetrated by an insider (someone with access to the premises where the computer is physically located).

Both vulnerabilities stem from the way the kernel-mode driver handles objects in memory and the update corrects the improper handling issues to fix the problem.

It is also seemingly a patch for a non-issue :w00t:.

I mean, valid credentials + local log on, if an attacker has those he ALREADY pwns all your bases. :ph34r:

jaclaz


I mean, valid credentials + local log on, if an attacker has those he ALREADY pwns all your bases. :ph34r:

jaclaz

Who needs valid credentials when there is a simple linux tool to reset Windows credentials. USB+Brain.

Yeah, I noticed those offsite posts as well, but not many people have reported it, and was quite surprised no information was on msfn.


Who needs valid credentials when there is a simple linux tool to reset Windows credentials. USB+Brain.

Well, if it comes to this, JFYI, there are also several suitable non-linux tools.

jaclaz


For what it's worth I've been using my system pretty heavily since that update went in and it seems fine so far. So it's not a universal fail.

Is there a particular activity that seems to net problems?

-Noel


Is there a particular activity that seems to net problems?

Are you joking? :unsure:

NO activity at all.

What epic clearly reported is that (for whatever reasons) this machine entered an endless (Wupdate induced) loop that forced him to restore a previous image, which is exactly what is reported in the two threads I posted a link to.

It is IMHO very possible that this happens on a limited number of installs/machines, as it has happened in the past, with people mad :realmad: at a given update/fix/KB and other ones very happy :) about that same thing.

jaclaz
